Refactored out Servlet dependencies from core and toolkit
- Introduced `servlet-jakarta` and `servlet-javax` - Teased apart HTTP request and HTTP response objects along a common seam - Bumped version to 3.0.0 Also, bump dependencies so OWASP check passes from: Author: r-herasymenk <r.herasymenk@samsung.com> Date: Tue Jul 25 10:45:02 2023 -0700 $ mvn clean install ... [ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.3.1:check (default) on project java-saml-core: [ERROR] [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': [ERROR] [ERROR] accessors-smart-2.4.7.jar: CVE-2022-45688 [ERROR] jackson-core-2.13.4.jar: CVE-2022-45688 [ERROR] json-smart-2.4.7.jar: CVE-2023-1370 [ERROR] netty-codec-4.1.68.Final.jar: CVE-2022-41881 [ERROR] netty-transport-4.1.68.Final.jar: CVE-2022-41881 [ERROR] stax2-api-4.2.1.jar: CVE-2022-40152 [ERROR] woodstox-core-6.2.6.jar/META-INF/maven/com.sun.xml.bind.jaxb/isorelax/pom.xml: CVE-2023-34411 [ERROR] woodstox-core-6.2.6.jar: CVE-2022-40152
1 parent
d133ffa
commit 813322d
Showing
33 changed files
with
1,441 additions
and
1,274 deletions.
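--- a/core/src/main/java/com/onelogin/saml2/http/HttpRequestUtils.java
+++ b/core/src/main/java/com/onelogin/saml2/http/HttpRequestUtils.java
@@ -0,0 +1,83 @@
+package com.onelogin.saml2.http;
+
+import org.apache.commons.lang3.StringUtils;
+
+public class HttpRequestUtils {
+
+private HttpRequestUtils() {
+}
+
+/**
+* Returns the protocol + the current host + the port (if different than
+* common ports).
+*
+* @param request
+* HttpServletRequest object to be processed
+*
+* @return the HOST URL
+*/
+public static String getSelfURLhost(HttpRequest request) {
+String hostUrl = StringUtils.EMPTY;
+final int serverPort = request.getServerPort();
+if ((serverPort == 80) || (serverPort == 443) || serverPort == 0) {
+hostUrl = String.format("%s://%s", request.getScheme(), request.getServerName());
+} else {
+hostUrl = String.format("%s://%s:%s", request.getScheme(), request.getServerName(), serverPort);
+}
+return hostUrl;
+}
+
+/**
+* Returns the URL of the current context + current view + query
+*
+* @param request
+* HttpServletRequest object to be processed
+*
+* @return current context + current view + query
+*/
+public static String getSelfURL(HttpRequest request) {
+String url = getSelfURLhost(request);
+
+String requestUri = request.getRequestURI();
+String queryString = request.getQueryString();
+
+if (null != requestUri && !requestUri.isEmpty()) {
+url += requestUri;
+}
+
+if (null != queryString && !queryString.isEmpty()) {
+url += '?' + queryString;
+}
+return url;
+}
+
+/**
+* Returns the URL of the current host + current view.
+*
+* @param request
+* HttpServletRequest object to be processed
+*
+* @return current host + current view
+*/
+public static String getSelfURLNoQuery(HttpRequest request) {
+return request.getRequestURL();
+}
+
+/**
+* Returns the routed URL of the current host + current view.
+*
+* @param request
+* HttpServletRequest object to be processed
+*
+* @return the current routed url
+*/
+public static String getSelfRoutedURLNoQuery(HttpRequest request) {
+String url = getSelfURLhost(request);
+String requestUri = request.getRequestURI();
+if (null != requestUri && !requestUri.isEmpty()) {
+url += requestUri;
+}
+return url;
+}
+
+}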
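Review bot: In `getSelfURLhost` the port is dropped whenever it is 80, 443 or 0, regardless of the scheme, so an `https` request reporting port 80 (or `http` on 443) yields a URL that names a different port than the request did. If these self-URLs are compared against SAML Destination/Recipient values (not visible in this section), the result should be predictable: either pair the ports with the scheme, e.g. `boolean defaultPort = serverPort == 0 || ("http".equals(scheme) && serverPort == 80) || ("https".equals(scheme) && serverPort == 443);`, or add a comment saying the leniency is deliberate for reverse-proxy deployments. Scheme, server name and port all come from the request object, presumably derived from the Host header or forwarded headers, so the class Javadoc should state that callers rely on the container or proxy to supply validated values. The `@param request HttpServletRequest object to be processed` text on all four methods is stale now that the parameter is `HttpRequest`, and `String hostUrl = StringUtils.EMPTY;` is a dead initialisation that is the only use of the commons-lang3 import here.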